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DETAILED ACTION 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1, 3-9, 11-15 and 17-19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent Pub. No. 2004/0148520 Al to Talpade et al. in view of 
U.S. Patent Pub. No. 2002/0083175 Al to Afek et al. 

As to claim 1, Talpade et al. discloses network comprising of: a plurality of edge 
routers (fig. 2 , 226,228) a plurality of core routers (fig. 2, 202,where core routers are 
parts of the ISP network, page 2, [0016]) adapted to allow communication between said 
plurality of edge routers; a VPN application (fig.2 , 232, analysis engine)in 
communication with a first one of said plurality of edge routers(, pg.2 , [0017], where the 
analysis engine is connected to the border router and edge router), said VPN 
application having a first IP address; and a discloses a black-hole router ("filter router" , 
fig.2 , 230) in communication with said core routers, 

Talpade does not expressly disclose the black-hole routers injecting a second IP 
address into the ISP VPN network. 

In an analogous art, Afek discloses black-hole router ("guard machines" which 
are similar to the filtering router, fig.2, G0-G3) adapted to inject a second IP 
address(server private address) into said ISP VPN network, said second IP address 
comprising: the same address as the first IP address;(similar address as it is recognized 
by the backbone or core routers, the guard machines, and server interfaces, page 10, 
[0255]) a higher preference value than said first IP address (page 10, [0248], [0253]); 
and a community value(routing information) such that when said second IP address is 
injected, a selected first number of edge routers direct VPN traffic addressed for said 



Application/Control Number: 10/782,512 
Art Unit: 4134 



Page 3 



first IP address to said VPN application(page 10, [0248], [0253], where diverted traffic is 
directed to the guards which is performing the same functions as the VPN application) 
and a selected second number of edge routers direct VPN traffic addressed for said first 
IP address to said black hole router (page 10, [0248], [0253], where the traffic is 
redirected to different guard machines) 

At the time of the invention, it would have been obvious to a person of ordinary 
skilled in the art to modify Talpade et al. with Afek to use a black hole router to inject a 
secondary ip address into the network . The rationale behind this modification is to 
divert traffic using the secondary ip address so as to migitate a DDoS attack. 
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As to claim 3, Afek et al. discloses the ISP network wherein said black-hole 
router (guard machines) injects said second IP address (routing information) in 
response to a Distributed Denial of Service (DDOS) attack on said VPN application. ( 
page 1 1 , [0257]) 

As to claim 4, Afek et al discloses the ISP network wherein said community 
value(routing information) can be changed in real-time by said black-hole router (guard 
machines), (page 1 1 , [0261 )], where the guard decide when the attack has ended and 
reverse the settings previously performed) 

As to claim 5, Afek et al. discloses the ISP network, wherein said ISP network 
utilizes dynamic routing protocols (RIP, OSPF, page 1 1 , [0258]) in combination with 
community-based route filtering (IP address ingress and egress filters, page 1 1 , [0265]) 
to propagate the injected second IP address to said edge routers. 

As to claim 6, Talpade et al. discloses the ISP network, wherein said second 
number of edge routers directs VPN traffic, addressed for said first IP address, to said 
black hole router( filter router), said black hole router is adapted to receive such traffic 
as black-holed-traffic (DDoS traffic)(page 4, [0032]), said black-hole router adapted to 
analyze said black-holed traffic in order to determine a ratio of attack traffic to legitimate 
traffic. (page 4, [0033], where filter router examines traffic and removes the DDoS traffic 
after checking to see if it is legitimate traffic.) 

As to claim 7, Talpade et al. discloses the ISP network where the network 
comprises of at least one route reflector ("traffic filter" which is a part of the "filter router") 
each one of said route reflectors being connected to a different set of edge routers from 
said plurality of edge routers, said route reflectors being adapted to update said edge 
routers with route instructions, such route instructions including said injected second 
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address, (page 2, [0017], "filter router" advertises this updated routing information to 
each border router and edge router) 

As to claims 8,9 and 11, these are methods corresponding to the method in 
claim 1 . Therefore it has been analyzed and rejected based upon system in claim 1 . 

As to claim 12, Talpade et al. discloses the method wherein said injected 
instruction (routing information) is a Border Gateway Protocol (BGP) routing instruction. 
( page 5, [0037]) 

As to claim 13, this is a method corresponding to system in claim 6. Therefore it 
has been analyzed and rejected based upon system in claim 6. 

As to claim 14, this is a method corresponding to system in claim 7. Therefore it 
has been analyzed and rejected based upon system in claim 7. 

As to claims 15, this is a method corresponding to the method in claim 1 . 
Therefore it has been analyzed and rejected based upon system in claim 1 . 

As to claim 17, this is a method corresponding to system in claim 6. Therefore it 
has been analyzed and rejected based upon system in claim 6. 

As to claim 18, this is a method corresponding to system in claim 4. Therefore it 
has been analyzed and rejected based upon system in claim 4. 

As to claim 19, this is a method corresponding to system in claim 7. Therefore it 
has been analyzed and rejected based upon system in claim 7. 
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3. Claims 2, 10, and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. Patent Pub. No. 2004/0148520 Al to Talpade et al. in view of U.S. Patent 
Pub. No. 2002/0083175 Al to Afek et al. in further view of U.S. Patent Pub. No. 
2002/0037010 Al to Yamauchi . 

As to claim 2, Talpade as modified does not disclose a ISP system that is 
a Multiprotocol Label Switching Virtual Private Network (MLS VPN). 

Yamauchi does disclose a virtual private network that uses the Multiprotocol 
Label Switching. ( abstract) 

At the time of the invention, it would have been obvious to a person of ordinary 
skilled in the art to modify Talpade et al. with Yamauchi to use the Multiprotocol Label 
switching in a VPN network which is a similar to the network used in the network taught 
by Talapade et al. The rationale behind this modification is that a particular known 
technique was recognized as part of the ordinary capabilities of one skilled in the art. 

As to claim 10, this is a method corresponding to the method in claim 2. 
Therefore it has been analyzed and rejected based upon system in claim 2. 

As to claim 16, this is a method corresponding to the method in claim 2. 
Therefore it has been analyzed and rejected based upon system in claim 2. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JOE CHACKO whose telephone number is (571)270- 
3318. The examiner can normally be reached on Monday-Friday 7:30am-5pm EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Lun-Yi Lao can be reached on 571-272-7671 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/JOE CHACKO/ 
Examiner, Art Unit 4134 
/LUN-YI LAO/ 

Supervisory Patent Examiner, Art Unit 4134 



